jekkos 8d6b166673 feat: Add deployment workflow with approval gates (#4522)
* feat: Add deployment workflows with approval gates

Add GitHub Actions workflows for controlled deployments:

deploy.yml - Manual Deploy:
- Triggered via Actions UI (workflow_dispatch)
- Select environment (production/staging)
- Select Docker image tag
- Reusable via workflow_call for other workflows
- Creates GitHub deployment records with status tracking
- Sends Docker Hub compatible webhook payload
- Environment input validation for workflow_call

deploy-pr.yml - PR Deploy:
- Auto-triggers when PR is approved (same-repo only)
- Deploys to staging environment
- Image tag format: pr-{number}-{short-sha}
- Posts deployment status as PR comment
- Fork PR protection: only runs for same-repo PRs

Security:
- jq-based JSON payload construction (prevents script injection)
- HMAC-SHA256 signature verification for webhook
- Untrusted inputs via env: blocks (not inline interpolation)
- Environment validation before deployment
- Fork detection guard for PR deployments

Fixes CodeRabbit review comments:
- Invalid jq string filter syntax (missing quotes)
- Unvalidated environment input in workflow_call
- Fork PR deployments blocked by pull_request_review restrictions

* refactor: Limit deployment to staging only

- Remove environment input choice (was production/staging)
- Hardcode environment to 'staging' throughout
- Simplify workflow - no environment validation needed
- Update concurrency group to deploy-staging

* refactor: Extract deployment logic to reusable deploy-core.yml

Restructure workflows to eliminate code duplication:

deploy-core.yml (new):
- Reusable workflow with all deployment logic
- Creates GitHub deployment record
- Sends webhook payload to external service
- Handles status updates
- Accepts image_tag, sha, description, pr_number inputs
- Outputs deployment_id and status

deploy.yml (simplified):
- Manual trigger only
- Calls deploy-core with user-provided image_tag
- 18 lines (was 175)

deploy-pr.yml (simplified):
- PR approval trigger with fork guard
- Prepare job: checkout, generate PR image tag
- Deploy job: calls deploy-core
- Comment job: post status to PR
- 70 lines (was 204)

---------

Co-authored-by: Ollama <ollama@steganos.dev>
2026-05-18 21:48:02 +02:00
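The two controls the commit message lists, jq-based payload construction and HMAC-SHA256 signing of the webhook body, as an added shell example; this is not the project's own workflow code. The field names (modelled on Docker Hub's push_data/repository shape), the secret value, the sample tag and the function names are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example: build a webhook payload from an untrusted workflow input with
# jq --arg (no shell interpolation into the JSON text), sign it with
# HMAC-SHA256, and show the receiver-side check. Field names, secret and the
# sample tag are assumptions, not the project's identifiers.
set -euo pipefail

# The tag arrives as a jq variable, so a value such as  abc"},"evil":"x
# is emitted as an escaped JSON string instead of changing the document.
build_payload() {
    local image_tag="$1" repo_name="$2" sha="$3"
    jq -cn \
        --arg tag "$image_tag" \
        --arg repo "$repo_name" \
        --arg sha "$sha" \
        '{push_data: {tag: $tag}, repository: {repo_name: $repo}, metadata: {sha: $sha}}'
}

# Sender side: hex HMAC-SHA256 over the exact bytes that will be sent.
sign_payload() {
    local payload="$1" secret="$2"
    printf '%s' "$payload" | openssl dgst -sha256 -hmac "$secret" | awk '{print $NF}'
}

# Receiver side: recompute over the received bytes and compare.
# Returns 0 only when the presented signature matches.
verify_payload() {
    local payload="$1" secret="$2" presented="$3"
    local expected
    expected="$(sign_payload "$payload" "$secret")"
    [ "$expected" = "$presented" ]
}

main() {
    # Constructed sample values standing in for workflow inputs and secrets.
    local image_tag='pr-123-abc1234"},"evil":"x'
    local secret='example-webhook-secret'
    local payload sig
    payload="$(build_payload "$image_tag" "opensourcepos/opensourcepos" "abc1234")"
    sig="$(sign_payload "$payload" "$secret")"
    echo "payload:   $payload"
    echo "signature: sha256=$sig"
    verify_payload "$payload" "$secret" "$sig" && echo "verify: ok"
    verify_payload "${payload}x" "$secret" "$sig" || echo "verify: tampered body rejected"
}

main "$@"
```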

GitHub Actions

This document describes the CI/CD workflows for OSPOS.

Build and Release Workflow (.github/workflows/build-release.yml)

Build Process

  • Setup PHP 8.2 with required extensions
  • Setup Node.js 20
  • Install composer dependencies
  • Install npm dependencies
  • Build frontend assets with Gulp

Docker Images

  • Build and push opensourcepos Docker image for multiple architectures (linux/amd64, linux/arm64)
  • On master: tagged with version and latest
  • On other branches: tagged with version only
  • Pushed to Docker Hub

Releases

  • Create distribution archives (tar.gz, zip)
  • Create/update GitHub "unstable" release on master branch only

Required Secrets

To use this workflow, you need to add the following secrets to your repository:

  1. DOCKER_USERNAME - Docker Hub username for pushing images
  2. DOCKER_PASSWORD - Docker Hub password/token for pushing images

How to add secrets

  1. Go to your repository on GitHub
  2. Click Settings > Secrets and variables > Actions
  3. Click New repository secret
  4. Add DOCKER_USERNAME and DOCKER_PASSWORD

The GITHUB_TOKEN is automatically provided by GitHub Actions.

Workflow Triggers

  • Push to master - Runs build, Docker push (with latest tag), and release
  • Push to other branches - Runs build and Docker push (version tag only)
  • Push tags - Runs build and Docker push (version tag only)
  • Pull requests - Runs build only (PHPUnit tests run in parallel via phpunit.yml)

Existing Workflows

This repository also has these workflows:

  • .github/workflows/main.yml - PHP linting with PHP-CS-Fixer
  • .github/workflows/phpunit.yml - PHPUnit tests (runs on all PHP versions 8.1-8.4)
  • .github/workflows/php-linter.yml - PHP linting

Testing

PHPUnit tests are run separately via .github/workflows/phpunit.yml on every push and pull request, testing against PHP 8.1, 8.2, 8.3, and 8.4.

To test the build workflow:

  1. Add the required secrets
  2. Push to master or create a PR
  3. Monitor the Actions tab in GitHub